Driver updater

Sophos Home, Win7 support to the end of this year.

The free trial is sufficient.

I don't find it as spammy as AVG/Avast

(I won't mention the obvious elephant in the room)

I use AVG and W7pro32 ...

And my rule is don't trust driver updater services.

a) do you think that there are likely to be honest updates for W7 drivers?

b) if your current drivers suffice - why take a risk?

c) my approach is "free"...;)

PA

Indeed. If it wasn't for AVG nagging, I would be unaware of a problem.

Curiously, I fired up Avast on my wife's W7 laptop and it updated 6 or more programs but stuck on Acrobat Reader!

Free AV and the OS is supported :-)

Yes and even when they are official and say suitable for win 7, nobody has done exhaustive testing. I downdated again on an audio driver as it made the sound miss about a second of every sound the computer made as it seems to think it saves power, but on a desktop? It just stops me hearing my screenreader. Brian

Ha,ha!

I have been very well served by this re-furbished desk top and plan to hang on until it fails or W7 becomes so vulnerable that banks stop me connecting.

For the effort to upgrade to W10 I would look for a 64 bit version anyway.

>

Read up on browser SSL certificate updates :) (don't have to do anything about it now)

Have you got room to run two boxes side by side? A new refurbish from some other?

Sounds like one day it could be 'huge jump' time.

Firefox was unwelcome for NatWest a few years back but OK now.

Stack? Mine run 24 hours.

Indeed. However we just sold a house to a *microsoft local director* (whatever that means) so I live in hope:-)

>

Well you have two sensible options if you want to stay with win 7; put up with the marketing from the "free" AV suites, or you buy a paid for version. (and remember that MS security essentials died with win 7 eol as well)

If you are then sensible and keep on top of patch management (applications rather than the OS), and avoid know vulnerable software you will be ok for a while. Chrome will carry on supporting it for the rest of this year. Firefox will also be ok, but make sure you avoid using IE.

Ditch any ancient installs of flash, java, old versions of Adobe reader / acrobat reader and similar plugins. Take care opening office document formats etc.

Lastly, a working *and tested* backup strategy is always worth having :-)

To be fair, I would probably do the same.

Although it worth noting a that the effort to do an "in place" upgrade from a legit install of 7 to 10 is pretty much zero.

Download the tool, run it, select upgrade this PC, and answer the "I agree" prompts, and let it get on with it.

It's routine enough that I am happy to do it on unattended machines via remote control, and in most cases I even gain remote back once it's finished.

Curiously I am still getting Windows updates.

Firefox is my browser of choice and I don't knowingly use IE

Difficult to avoid Adobe.

Yes. Very little business related activity here now so I do a monthly back up to a separate drive.

Yes I've spotted that. This m/c has a legitimate licence but I'm nervous of the *re-learning* with anything new:-(

We know where you are:-)

If you opted for "microsoft update" rather than just basic windows, you may still get updates for other MS products within the windows update mechanism. Also they do still roll out a few critical updates for win 7 if the figure they are serious enough.

(they have to still develop them anyway, since some businesses are paying for extended support on Win 7)

Indeed - but you can make sure you are running an up to date version...

(or foxit reader is not bad (better in some respects), and probably less often targeted with exploits)

A couple of separate drives would be better (so you are not risking a working backup while making a new one). Also not leaving them connected to the machine, since that makes it easier for ransomware to get at them as well!

Yup I was also somewhat not looking forward to changing, but needs must! In reality you get used to it pretty fast IME. I have not had any users say they want to go back to 7 in the last couple of years.

Happy to assist if you want.

Right. I have wondered if the original (education authority) owners of this machine are funding it.

I am unlikely to pay much to ransom family photos. Business invoices etc. will have paper backup.

Annoying but not the end of the world.

I don't know about Windows 7, but for a number of years after Windows XP support ended, they were providing updates to big companies who paid for extended support - as so many used it. Even when much of that ended, XP was still embedded in many industrial/healthcare machines that there was no newer system for and millions of point-of-sale devices, so they carried on supporting those for even longer.

A couple of quick registry tweaks would let XP running on a PC persuade the Microsoft Update system that it was a point-of-sale device - and obtain free updates well after support "ended".

I wonder if there'll be something similar for Windows 7?

There are several portables kicking about on the net, 'Driver Updater Portable' is the latest one I got.

Also easy enough to make sure they are not vulnerable with an air gap at the required time.

I think the point was he did not want a driver updater, but was having one marketed at him via the free AV products.

The difficulty is that providing a credible and useful AV app and service takes serious money, so they probably feel justified in trying to make some return on the users of the "free" versions.

(and patch management in general is becoming a much hotter topic with time, since many compromises don't attempt to break the OS directly, but rely on exploiting a vulnerability in an application. Since users are less good an keeping those up to date for themselves (and not all apps do their own updating), apps are a soft target.

Yes. After 3 free years AVG clearly feel I need to be tempted with something useful.

Annoyingly, Avast on my wife's ancient laptop has done it for free without quibbling. (struggled with Adobe but that came back voluntarily next day).

Point of order.. is the vulnerability constant or only when that particular application is in use? I have removed Flash here but not from the laptop. Also, constant nagging about my address being visible. I don't really care if outlets near Houghton Regis put up their prices when they see me coming but how likely am I to be taken to a bogus website as they threaten?

>

Avast and AVG merged some time back and have rebranded all their business products as Avast now.

The vulnerability is when the application can be exploited - and for that it normally[1] needs to be running. So for example, having office open a maliciously crafted word doc, or reader display a compromised PDF, or windows try to render a malicious font. So anything associated with a file type as a default application can be vulnerable - since just attempting to access the relevant file type or process a particular MIME type, can cause it to be passed to an application that may have a vulnerability.

Alternatively they go for a poisoned watering hole approach; trying to compromise a web site at a popular destination so that it serves an exploit kit that attempts to break free of the web browser's sandbox, or find a weakness in a plug in application like flash or shockwave. and gain the ability to do remote code execution on the native computer platform. Or perhaps a malicious email that attempts to compromise the email software you are using. (or just to social engineer the reader of the email to do the exploiting for them!)

[1] There are times however when just having something installed can be a liability. The most common cases being where some fragment of a program gets routinely loaded - such as a shared library (perhaps to bestow on windows the ability to preview a file type). Installed popular libraries of code are useful for exploit hunters since they can be used to sidestep many of the defences that are now routinely built into modern OSes to protect against the more traditional buffer overflow attack. So called Return-oriented programming chains being a good example:

So the moral of the story, is keep the "attack surface" small - only have installed or running the things you actually need. Turn off services you don't use or reply on, and you take away opportunities for an attacker.

Address (as in IP) being visible for most applications is not that important when say at home on your own broadband connection. When forced to use public wifi hotspots etc, then there is value in using VPNs. Sometimes there are also benefits where you want to access "geofenced" content that is not visible from where you actually reside, or, if you want to access content that might be of questionable legality in the country you are accessing it. So for example a netflix user may want to watch content offered to US subscribers but not UK ones.

Thanks for this explanation and the detailed advice. Should there be a section added to the d-i-y Wiki for other computer semi-literates?

It seems 64 bit has security benefits which may encourage a change..

More helpful stuff snipped.

>